mirror/opencloud
1
0
Fork 0
mirror of https://github.com/opencloud-eu/opencloud.git synced 2025-12-21 12:09:40 -06:00
Code Issues Packages Projects Releases Wiki Activity

Rebrand idm service

Browse Source
This commit is contained in:
Ralf Haferkamp
2025-01-16 17:01:51 +01:00
parent 61b48a2580
commit 1480126127
8 changed files with 14 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
services/idm/README.md
View File

@@ -1,9 +1,9 @@
# IDM # IDM
The IDM service provides a minimal LDAP Service, based on [Libregraph idm](https://github.com/libregraph/idm), for oCIS. It is started as part of the default configuration and serves as a central place for storing user and group information. The IDM service provides a minimal LDAP Service, based on [Libregraph idm](https://github.com/libregraph/idm), for OpenCloud. It is started as part of the default configuration and serves as a central place for storing user and group information.
It is mainly targeted at small oCIS installations. For larger setups it is recommended to replace IDM with a “real” LDAP server or to switch to an external identity management solution. It is mainly targeted at small OpenCloud installations. For larger setups it is recommended to replace IDM with a “real” LDAP server or to switch to an external identity management solution.
IDM listens on port 9235 by default. In the default configuration it only accepts TLS-protected connections (LDAPS). The BaseDN of the LDAP tree is `o=libregraph-idm`. IDM gives LDAP write permissions to a single user (DN: `uid=libregraph,ou=sysusers,o=libregraph-idm`). Any other authenticated user has read-only access. IDM stores its data in a boltdb file `idm/ocis.boltdb` inside the oCIS base data directory. IDM listens on port 9235 by default. In the default configuration it only accepts TLS-protected connections (LDAPS). The BaseDN of the LDAP tree is `o=libregraph-idm`. IDM gives LDAP write permissions to a single user (DN: `uid=libregraph,ou=sysusers,o=libregraph-idm`). Any other authenticated user has read-only access. IDM stores its data in a boltdb file `idm/idm.boltdb` inside the OpenCloud base data directory.
Note: IDM is limited in its functionality. It only supports a subset of the LDAP operations (namely `BIND`, `SEARCH`, `ADD`, `MODIFY`, `DELETE`). Also, IDM currently does not do any schema verification (like. structural vs. auxiliary object classes, require and option attributes, syntax checks, …). Therefore it is not meant as a general purpose LDAP server. Note: IDM is limited in its functionality. It only supports a subset of the LDAP operations (namely `BIND`, `SEARCH`, `ADD`, `MODIFY`, `DELETE`). Also, IDM currently does not do any schema verification (like. structural vs. auxiliary object classes, require and option attributes, syntax checks, …). Therefore it is not meant as a general purpose LDAP server.

2
services/idm/ldif/base.ldif.tmpl
View File

@@ -28,7 +28,7 @@ givenName: Admin
sn: Admin sn: Admin
cn: admin cn: admin
displayName: Admin displayName: Admin
description: An admin for this oCIS instance. description: An admin for this OpenCloud instance.
mail: admin@example.org mail: admin@example.org
ownCloudUUID: {{ .ID }} ownCloudUUID: {{ .ID }}
oCExternalIdentity: $ {{ .Issuer }} $ {{ .ID }} oCExternalIdentity: $ {{ .Issuer }} $ {{ .ID }}

2
services/idm/pkg/command/resetpw.go
View File

@@ -76,7 +76,7 @@ func resetPassword(_ context.Context, logger log.Logger, cfg *config.Config, use
Timeout: 1 * time.Millisecond, Timeout: 1 * time.Millisecond,
} }
if err := bdb.Configure(servercfg.Logger, servercfg.LDAPBaseDN, servercfg.BoltDBFile, &opts); err != nil { if err := bdb.Configure(servercfg.Logger, servercfg.LDAPBaseDN, servercfg.BoltDBFile, &opts); err != nil {
fmt.Fprintf(os.Stderr, "Failed to open database: '%s'. Please stop any running ocis/idm instance, as this tool requires exclusive access to the database.\n", err) fmt.Fprintf(os.Stderr, "Failed to open database: '%s'. Please stop any running OpenCloud idm instance, as this tool requires exclusive access to the database.\n", err)
return err return err
} }
defer bdb.Close() defer bdb.Close()

4
services/idm/pkg/command/root.go
View File

@@ -23,11 +23,11 @@ func GetCommands(cfg *config.Config) cli.Commands {
} }
} }
// Execute is the entry point for the ocis-idm command. // Execute is the entry point for the opencloud idm command.
func Execute(cfg *config.Config) error { func Execute(cfg *config.Config) error {
app := clihelper.DefaultApp(&cli.App{ app := clihelper.DefaultApp(&cli.App{
Name: "idm", Name: "idm",
Usage: "Embedded LDAP service for oCIS", Usage: "Embedded LDAP service for OpenCloud",
Commands: GetCommands(cfg), Commands: GetCommands(cfg),
}) })

2
services/idm/pkg/command/server.go
View File

@@ -153,7 +153,7 @@ func bootstrap(logger log.Logger, cfg *config.Config, srvcfg server.Config) erro
if cfg.AdminUserID != "" { if cfg.AdminUserID != "" {
serviceUsers = append(serviceUsers, svcUser{ serviceUsers = append(serviceUsers, svcUser{
Name: "admin", Name: "admin",
Password: cfg.ServiceUserPasswords.OcisAdmin, Password: cfg.ServiceUserPasswords.OCAdmin,
ID: cfg.AdminUserID, ID: cfg.AdminUserID,
Issuer: cfg.DemoUsersIssuerUrl, Issuer: cfg.DemoUsersIssuerUrl,
}) })

8
services/idm/pkg/config/config.go
View File

@@ -34,8 +34,8 @@ type Settings struct {
} }
type ServiceUserPasswords struct { type ServiceUserPasswords struct {
OcisAdmin string `yaml:"admin_password" env:"IDM_ADMIN_PASSWORD" desc:"Password to set for the oCIS 'admin' user. Either cleartext or an argon2id hash." introductionVersion:"pre5.0"` OCAdmin string `yaml:"admin_password" env:"IDM_ADMIN_PASSWORD" desc:"Password to set for the OpenCloud 'admin' user. Either cleartext or an argon2id hash." introductionVersion:"pre5.0"`
Idm string `yaml:"idm_password" env:"IDM_SVC_PASSWORD" desc:"Password to set for the 'idm' service user. Either cleartext or an argon2id hash." introductionVersion:"pre5.0"` Idm string `yaml:"idm_password" env:"IDM_SVC_PASSWORD" desc:"Password to set for the 'idm' service user. Either cleartext or an argon2id hash." introductionVersion:"pre5.0"`
Reva string `yaml:"reva_password" env:"IDM_REVASVC_PASSWORD" desc:"Password to set for the 'reva' service user. Either cleartext or an argon2id hash." introductionVersion:"pre5.0"` Reva string `yaml:"reva_password" env:"IDM_REVASVC_PASSWORD" desc:"Password to set for the 'reva' service user. Either cleartext or an argon2id hash." introductionVersion:"pre5.0"`
Idp string `yaml:"idp_password" env:"IDM_IDPSVC_PASSWORD" desc:"Password to set for the 'idp' service user. Either cleartext or an argon2id hash." introductionVersion:"pre5.0"` Idp string `yaml:"idp_password" env:"IDM_IDPSVC_PASSWORD" desc:"Password to set for the 'idp' service user. Either cleartext or an argon2id hash." introductionVersion:"pre5.0"`
} }

2
services/idm/pkg/config/defaults/defaultconfig.go
View File

@@ -33,7 +33,7 @@ func DefaultConfig() *config.Config {
LDAPSAddr: "127.0.0.1:9235", LDAPSAddr: "127.0.0.1:9235",
Cert: path.Join(defaults.BaseDataPath(), "idm", "ldap.crt"), Cert: path.Join(defaults.BaseDataPath(), "idm", "ldap.crt"),
Key: path.Join(defaults.BaseDataPath(), "idm", "ldap.key"), Key: path.Join(defaults.BaseDataPath(), "idm", "ldap.key"),
DatabasePath: path.Join(defaults.BaseDataPath(), "idm", "ocis.boltdb"), DatabasePath: path.Join(defaults.BaseDataPath(), "idm", "idm.boltdb"),
}, },
} }
} }

2
services/idm/pkg/config/parser/parse.go
View File

@@ -41,7 +41,7 @@ func Validate(cfg *config.Config) error {
return shared.MissingServiceUserPassword(cfg.Service.Name, "IDM") return shared.MissingServiceUserPassword(cfg.Service.Name, "IDM")
} }
if cfg.AdminUserID != "" && cfg.ServiceUserPasswords.OcisAdmin == "" { if cfg.AdminUserID != "" && cfg.ServiceUserPasswords.OCAdmin == "" {
return shared.MissingServiceUserPassword(cfg.Service.Name, "admin") return shared.MissingServiceUserPassword(cfg.Service.Name, "admin")
} }